MORSECORP Settles $4.6 Million Cybersecurity False Claims Act Case: A Major Milestone in Defense Industry Accountability

MORSECORP Settles Landmark Case on Cybersecurity Compliance

On March 26, 2025, Whistleblower Law Collaborative LLC announced a significant resolution in a False Claims Act case against MORSECORP, Inc. The defense contractor, based in Cambridge, Massachusetts, has agreed to pay $4.6 million, in addition to interest, due to allegations of failing to meet essential cybersecurity controls required to safeguard sensitive government information.

Overview of the Settlement

This settlement is remarkable not only for its financial implications but also for being the first substantial False Claims Act settlement involving a defense contractor's failure to manage cybersecurity measures adequately. MORSECORP, operating under the name MORSE (Mission Oriented Rapid Solution Engineering), had several contracts with the U.S. Department of Defense, particularly with the Army and Air Force.

The case originated from a lawsuit filed in January 2023 by a whistleblower concerned about MORSECORP’s cybersecurity practices. The allegations suggested that the company did not fully comply with the cybersecurity standards outlined in NIST SP 800-171, which are critical for protecting government data. Key issues raised included the absence of a comprehensive system security plan and the use of third-party cloud services that didn’t meet federal security requirements. Furthermore, the whistleblower revealed that MORSECORP had inflated its SPRS assessment scores to the Defense Department regarding its cybersecurity practices.

Whistleblower Actions and Government Response

The whistleblower's actions took the form of a qui tam complaint under the False Claims Act, which allows private individuals to file lawsuits on behalf of the government against entities suspected of defrauding it. Should the lawsuit succeed, the whistleblower stands to receive a share of the total recovery — between 15% and 30% of the government's take.

Following the whistleblower's claims, the government initiated an investigation. On March 17, 2025, the Department of Justice indicated its intent to intervene against MORSECORP to facilitate a settlement, leading to the announcement of the $4.6 million settlement on March 25, 2025.

In the words of United States Attorney Leah B. Foley, “Federal contractors must fulfill their obligations to protect sensitive government information from cyber threats... contractors who follow the rules are not at a competitive disadvantage.”

Commendations for Government Efforts

The whistleblower expressed gratitude for the efforts of the Department of Justice, the U.S. Attorney's Office in Massachusetts, and other relevant agencies that conducted a thorough investigation. The individual noted, “Becoming a whistleblower was not an easy decision... I felt I had no other choice to protect sensitive government information.” This highlights the challenging yet critical role that whistleblowers play in ensuring accountability.

Attorney Bruce C. Judge from Whistleblower Law Collaborative underscored the bravery of the whistleblower, stating, “Our client drew on his extensive knowledge of the applicable cybersecurity requirements to identify significant gaps in MORSECORP's practices.” This case exemplifies how individuals can drive change in compliance and regulatory standards.

Implications for Cybersecurity in Defense Contracts

This landmark settlement marks a pivotal shift in the government's approach to enforcing cybersecurity compliance among defense contractors. After years of warnings and reliance on self-certification, the MORSECORP settlement signals that severe financial penalties will follow breaches of cybersecurity obligations. Additionally, this case reinforces that whistleblowers play a vital role in identifying and remedying violations.

In 2021, the DOJ launched its Civil Cyber-Fraud Initiative to address the pressing issue of cybersecurity compliance among federal contractors. This initiative aims to ensure contractors adhere to government cybersecurity standards and promptly report any breaches or incidents.

As the Department of Justice, the Department of Defense, and other agencies ramp up investigations and prosecutions surrounding cybersecurity violations, individuals aware of such breaches are encouraged to step forward and report these concerns. Whistleblower Law Collaborative remains dedicated to representing whistleblowers who can expose such critical issues.

To conclude, the MORSECORP case not only sheds light on accountability within the defense sector but also paves the way for a more stringent enforcement era in cybersecurity regulations. The call to action for whistleblowers reinforces the shared responsibility in protecting national security and sensitive information from cyber threats.